Compilation of open-source security tools & platforms for your Startup

This compilation of open-source tools aim to provide resources you can use for some of the step of the secure development life cycle of your organization, ie: Security Training Security Architecture Review Security Requirements Threat Modeling Static Analysis OpenSource Analysis Dynamic Analysis Penetration Testing If you think I should add a new tool to the list you […]

Stop passing secrets via environment variables to your application

Environment variables are great to configure and change the behavior of your applications, however there’s a downside for that, if someone uses the `docker inspect` command your precious secrets will get revealed there, because of that you should never pass any sensitive data to your container using environment variables (the `-e` flag), I’ll show you […]

Build your own private cloud at home with a Raspberry Pi + Minio

Early this year I got one of those widescreen 5k monitors so I could work from home, the display is so cool but the sad thing is it only comes with 2 USB ports. I have a wired mouse and keyboard so when I wanted to connect an external hard drive for copying and backing […]

Commands and Code Snippets I usually forget

Some commands and code snippets I use rarely during CTFs or my daily work, but still I need them from time to time and I’m very lazy to remember them. This note may grow over time. Javascript Playing with dec, hexa and bin (not really) in JS [javascript] String.fromCharCode(0x41) // ‘A’ parseInt(‘0xf’, 16) // 15 […]

Security Fest #CTF – Zion write up

Para este reto nos daban un archivo comprimido zion.tar.gz, procedemos a descomprimirlo y obtenemos otro archivo llamado YouKnow. El archivo no tiene extension pero utilizamos el comando file para ver que tipo de archivo es. Parece un archivo de Microsoft Word Office y sabemos que los archivos docx en realidad son archivos en formato zip. […]